DETAILED ACTION

1. This action is in response to application amendments filed on 6-18-2008.

2. Claims 22 - 37 are pending. Claims 1 - 21 have been canceled. Claims 22, 31 
are independent. This application was filed on 6-23-2003. 

Response to Arguments 

3. Applicant's arguments filed 6/18/2008 have been fully considered but they were
not persuasive.

3.1 Applicant argues that the referenced prior art does not disclose "in response to a
LOAD command received from the MPU, the APU is configured... to partition the local
store into a general access section accessible by the MPU and an isolated section
accessible only by the APU". (see Remarks Page 6)

The Ellison prior art discloses that an instruction or command such as a LOAD
command is used. The Ellison prior art does not specifically disclose the LOAD
command but the prior art discloses that a command is used to invoke the isolated
execution state. (see Ellison Figure 1C: host (processor) bus; col. 4, lines 40-45:
interface between processors and memory, I/O controller; col. 4, lines 63-65; col. 3,
lines 43-49: isolated mode instruction is executed; verifies and loads code (software))

The Smeets prior art specifically discloses a MPU and an APU, the secure (APU)
and insecure (MPU) processors. (see Smeets col. 2, lines 19-23: one processor secure
mode; and one processor insecure mode)
And, the Ellison prior art discloses the isolated region is only accessible by the
secure processor. (see Ellison col. 6, lines 15-18: access to the isolated area is
restricted)

3.2 Applicant argues that the referenced prior art does not disclose that the "isolated
area is established in response to invoking of the isolated execution mode". (see
Remarks Page 7)

The Ellison prior art discloses that the isolated region is configured (established) by
the execution of the instruction to invoke the isolated operational state. (see Ellison col.
4, lines 63-65; col. 3, lines 43-49: isolated mode instruction is executed; verifies and
loads (configures) code or software for isolated operation)

3.3 Applicant argues that the referenced prior art does not disclose, "isolated section 
accessible only by the APU". (see Remarks Page 8) 

The Smeets prior art discloses the situation where one processor is operational in
a secure mode and a second processor is operational in an insecure mode at the same
time. (see Smeets Figure 1 (18: insecure processor); (20: security module); Figure 2
(30: secure processor); col. 2, lines 2-5; col. 2, lines 19-23: one processor secure mode;
one processor insecure mode) And, the Ellison prior art discloses that the isolated
region is only accessible by the secure processor. (see Ellison col. 5, lines 15-18:
access to the isolated area is restricted)



Claim Rejections - 35 USC § 103

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art
are such that the subject matter as a whole would have been obvious at the time the invention was made
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be
negatived by the manner in which the invention was made.

5. Claims 22 - 27, 29 - 36 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Ellison et al. (US Patent No. 7,082,615) in view of Smeets et al. 
(US Patent No. 6,769,062). 



Regarding Claim 22, Ellison discloses a secure processing system, comprising: 

a) a main processor unit (MPU) coupled to a processor bus; (see Ellison Figure 1C: 
host (processor) bus; col. 4, lines 40-45: interface between processors and 
memory, I/O controller) 

b) an attached processor complex (APC) coupled to the processor bus and 
comprising: a local store configured to store computer instructions and data; (see 
Ellison col. 4, lines 63-65; col. 3, lines 45-47: load code and data (software), local 
store) 

c) an attached processor unit (APU) coupled to the local store; wherein the APC is 
configured to receive commands from the MPU via the processor bus, to store a 
cryptographic master key (see Ellison col. 4, lines 63-65: APU coupled to host 
(processor) bus; col. 6, lines 38-42: cryptographic key storage), and to operate in 
a non-isolated state and an isolated state; (see Ellison col. 4, lines 16-22:
partitioned memory, isolated and non-isolated) and

Ellison discloses wherein in response to a LOAD command received from the MPU
(see Ellison col. 3, lines 43-45: privileged instruction (such as load command)
received and processed by processor), the APC is configured to transition from the
non-isolated state to the isolated state (see Ellison col. 4, lines 16-22: based on
privileged instruction: partitioned memory, isolated and non-isolated), to transfer a
set of computer instructions or data into the isolated section of the local store (see 
Ellison col. 3, lines 21-25; col. 3, lines 45-49: load code and data to isolated region), 
and to use the master key to extract and decrypt a portion of the computer 
instructions or data stored in the isolated section of the local store, thereby 
producing another cryptographic key. (see Ellison col. 10, lines 6-8; col. 9, lines 64- 
65; col. 10, lines 16-19: decryption (i.e. key) utilized loading image) 

Ellison discloses wherein to partition the local store into a general access section 
and an isolated section, (see Ellison col. 4, lines 16-22: partition into isolated and 
non-isolated sections) Ellison does not specifically disclose a general access 
section accessible by the MPU and an isolated section accessible only by the APU. 
However, Smeets discloses: 

d) wherein a general access section accessible by the MPU and an isolated section 
accessible only by the APU. (see Smeets Figure 1 (18: insecure processor); (20: 
security module); Figure 2 (30: secure processor); col. 2, lines 2-5; col. 2, lines 
19-23: one processor secure mode; one processor insecure mode; col. 3, lines
18-20; col. 3, lines 26-28: not a secure processor (main processor); col. 3, lines
58-60: secure processor)

It would have been obvious to one of ordinary skill in the art to modify Ellison to
enable the capability for a general access section accessible by the MPU and an 
isolated section accessible only by the APU as taught by Smeets. One of ordinary 
skill in the art would have been motivated to employ the teachings of Smeets in 
order to enable the capability to ensure security based on the widespread usage of 
digital signatures for electronic commerce and other applications requiring 
technology for the secure storage of private keys. (see Smeets col. 1, lines 44-50:
"... To ensure the integrity of commercial transactions and to prevent fraud, it is
necessary for users to keep their private keys secret. Anyone who has access to the
private key of a user can masquerade as that user with complete anonymity. Thus,
widespread use of digital signatures for electronic commerce and other applications
will require technology for secure storage of private keys. ...")

Regarding Claim 23, Ellison discloses the secure processing system as recited in 
claim 22, wherein secure processing is performed within the isolated section of the local 
store of the APC. (see Ellison col. 4, line 63 - col. 5, line 5: secure processing within 
isolated section, non-secure processing outside) 

Regarding Claim 24, Ellison discloses the secure processing system as recited in 
claim 22, wherein the cryptographic master key stored in the APC is not accessible by
the MPU. (see Ellison col. 6, lines 13-18: access restricted to isolated region)

Regarding Claim 25, Ellison discloses the secure processing system as recited in
claim 22, wherein the cryptographic master key stored in the APC is unique to the
secure processing system. (see Ellison col. 6, lines 64-66: unique cryptographic key (for
platform) stored)

Regarding Claim 26, Ellison discloses the secure processing system as recited in
claim 22, wherein when the APC is operating in the non-isolated state, the general
access section occupies the entire local store. (see Ellison col. 6, lines 13-15: isolated
addressing section only setup and defined when in isolated state)

Regarding Claim 27, Ellison discloses the secure processing system as recited in
claim 22, wherein when the APC is operating in the isolated state, the APC is
configured to respond to an EXIT command received from the MPU by clearing the
isolated section of the local store and eliminating the isolated section of the local store,
thereby causing the general access section to occupy the entire local store. (see Ellison
col. 5, lines 5-10; col. 3, lines 43-49: privileged instruction (configuration commands).
Initialize or reset isolated region)

Regarding Claim 29, Ellison discloses the secure processing system as recited in
claim 22, wherein the APC further comprises a bus interface unit (BIU) coupled to the
processor bus, and wherein local store and the APU are coupled to the BIU. (see
Ellison col. 4, lines 40-45: MCH (bus interface unit) coupled to host (processor) bus)

Regarding Claim 30, Ellison discloses the secure processing system as recited in
claim 29, wherein the BIU comprises a load/exit state machine (LSEM) configured to
store the cryptographic master key. (see Ellison col. 3, lines 21-25; col. 3, lines 45-47:
load code and data to isolated region, state machine; col. 6, lines 38-42: store
cryptographic key)

Regarding Claim 31, Ellison discloses a method for carrying out secure processing, 
comprising: 

a) providing a main processor unit (MPU), a processor bus, (see Ellison Figure 1C: 
host (processor) bus; col. 4, lines 40-45: interface between processors and 
memory, I/O controller) and 

b) an attached processor complex (APC), wherein the APC comprises a local store 
configured to store computer instructions and data and an attached processor 
unit (APU) coupled to the local store; (see Ellison col. 4, lines 63-65: attached 
processor (APU), isolated execution) 

d) configuring the MPU to drive a LOAD command on the processor bus in the 
event secure processing is required; (see Ellison col. 5, lines 5-10; col. 3, lines 
43-45: partitioning isolated region, initiation or configuration command) 

e) coupling the MPU to the processor bus; (see Ellison Figure 1C: host (processor)
bus; col. 4, lines 40-45: interface between processors and memory, I/O
controller)

f) configuring the APC to receive the LOAD command via the processor bus, to 
store a cryptographic master key, and to operate in a non-isolated state and an 
isolated state; (see Ellison col. 5, lines 5-10; col. 4, lines 16-22: setup isolated 
and non-isolated states; col. 6, lines 38-42: store cryptographic key) 

g) configuring the APC to respond to a received LOAD command by: transitioning 
from the non-isolated state to the isolated state; (see Ellison col. 5, lines 5-10: 
configure and setup (APU, LOAD command) isolated state) 

i) transferring a set of computer instructions or data into the isolated section of the 
local store; (see Ellison col. 7, lines 41-43: software to implement; col. 3, lines 
21-25; col. 3, lines 45-47: load code or data into isolated region) 

j) using the master key to extract and decrypt a portion of the computer instructions 
or data stored in the isolated section of the local store, thereby producing another 
cryptographic key; (see Ellison col. 10, lines 6-8; col. 9, lines 64-65; col. 10, lines 
16-19: decryption (i.e. key) utilized loading image) and 

k) coupling the APC to the processor bus. (see Ellison col. 5, lines 43-46: 
processor (APC) coupled to memory) 

Ellison discloses wherein to partition the local store into a general access section 
and an isolated section, (see Ellison col. 4, lines 16-22: partition into isolated and 
non-isolated sections) Ellison does not specifically disclose a general access 
section accessible by the MPU and an isolated section accessible only by the APU.
However, Smeets discloses:

h) wherein a general access section accessible by the MPU and an isolated section 
accessible only by the APU; (see Smeets Figure 1 (18: insecure processor); (20: 
security module); Figure 2 (30: secure processor); col. 2, lines 2-5; col. 2, lines 
19-23: one processor secure mode; one processor insecure mode; col. 3, lines 
18-20; col. 3, lines 26-28: not a secure processor (main processor); col. 3, lines 
58-60: secure processor)

It would have been obvious to one of ordinary skill in the art to modify Ellison to
enable the capability for a general access section accessible by the MPU and an
isolated section accessible only by the APU as taught by Smeets. One of ordinary
skill in the art would have been motivated to employ the teachings of Smeets in
order to enable the capability to ensure security based on the widespread usage of
digital signatures for electronic commerce and other applications requiring
technology for the secure storage of private keys. (see Smeets col. 1, lines 44-50)

Regarding Claim 32, Ellison discloses the method as recited in claim 31, wherein the 
secure processing is carried out within the isolated section of the local store of the APC. 
(see Ellison col. 4, line 63 - col. 5, line 5: secure processing within isolated section) 

Regarding Claim 33, Ellison discloses the method as recited in claim 31, wherein the 
cryptographic master key stored in the APC is not accessible by the MPU. (see Ellison 
col. 6, lines 13-18: access restricted to isolated region)

Regarding Claim 34, Ellison discloses the method as recited in claim 31, wherein the
coupling of the MPU and the APC to the processor bus forms a processing system, and
wherein cryptographic master key stored in the APC is unique to the processing system.
(see Ellison col. 6, lines 64-66: unique cryptography key (for platform) stored)

Regarding Claim 35, Ellison discloses the method as recited in claim 31, wherein when
the APC is operating in the non-isolated state, the general access section occupies the
entire local store. (see Ellison col. 6, lines 13-15: isolated section only exists when setup
and executing)

Regarding Claim 36, Ellison discloses the method as recited in claim 31, further
comprising: configuring the APC to respond to a received EXIT command when
operating in the isolated state by: clearing the isolated section of the local store; and
eliminating the isolated section of the local store, thereby causing the general access
section to occupy the entire local store. (see Ellison col. 3, lines 43-45; col. 5, lines 5-10:
command (i.e. instruction) processing, initiate/exit isolated mode; col. 6, lines 13-15:
isolated section only exists when setup and executing)

6. Claims 28, 37 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Ellison-Smeets and further in view of Worley, JR et al. (US PGPUB No.
20020194389).

Regarding Claim 28, Ellison discloses the secure processing system as recited in
claim 22, wherein the APC is configured to use the other cryptographic key to decrypt
another set of computer instructions or data, (see Ellison col. 10, lines 6-8; col. 9, lines 
64-65; col. 10, lines 16-19: decryption (i.e. key) utilized loading image) Ellison does 
not specifically disclose whereby to authenticate another set of computer instructions or 
data. However, Worley discloses wherein configured to authenticate another set of 
computer instructions or data, (see Worley paragraph [0049], lines 1-7; paragraph 
[0129], lines 9-15; paragraph [0139], lines 27-33: authentication code (instructions or 
data)) 

It would have been obvious to one of ordinary skill in the art to modify Ellison- 
Smeets to enable the capability to authenticate another set of computer instructions or 
data as taught by Worley. One of ordinary skill in the art would have been motivated to 
employ the teachings of Worley in order to enable operational control of secure 
resources without exposing privilege instructions and registers. (see Worley paragraph
[0020], lines 16-21: "... provide a set of secure-platform management services for
operational control of hardware resources that neither expose privileged instructions
and privileged registers of the hardware nor simulate privileged instructions and
privileged registers. ...")

Regarding Claim 37, Ellison discloses the method as recited in claim 31, wherein the 
configuring the APC to respond to a received LOAD command comprises: configuring 
the APC to respond to a received LOAD command by:

a) transitioning from the non-isolated state to the isolated state; (see Ellison col. 5,
lines 5-10; col. 3, lines 43-45: command processing, isolated region)

c) transferring a set of computer instructions or data into the isolated section of the
local store; (see Ellison col. 3, lines 21-25; col. 3, lines 45-47: load code or data
into isolated region)

d) using the master key to extract and decrypt a portion of the computer instructions 
or data stored in the isolated section of the local store, thereby producing another 
cryptographic; (see Ellison col. 10, lines 6-8; col. 9, lines 64-65; col. 10, lines 16- 
19: decryption (i.e. key) utilized loading image) and 

Ellison discloses wherein to partition the local store into a general access section 
and an isolated section, (see Ellison col. 4, lines 16-22: partitioning memory, 
isolated and non-isolated regions) Ellison does not specifically disclose a general 
access section accessible by the MPU and an isolated section accessible only by
the APU.

However, Smeets discloses: 

b) a general access section accessible by the MPU and an isolated section 
accessible only by the APU; (see Smeets Figure 1 (18: insecure processor); (20: 
security module); Figure 2 (30: secure processor); col. 2, lines 2-5; col. 2, lines 
19-23: one processor secure mode; one processor insecure mode; col. 3, lines 
18-20; col. 3, lines 26-28: not a secure processor (main processor); col. 3, lines 
58-60: secure processor) 

It would have been obvious to one of ordinary skill in the art to modify Ellison to
enable the capability for a general access section accessible by the MPU and an
isolated section accessible only by the APU as taught by Smeets. One of ordinary
skill in the art would have been motivated to employ the teachings of Smeets in
order to enable the capability to ensure security based on the widespread usage of
digital signatures for electronic commerce and other applications requiring
technology for the secure storage of private keys. (see Smeets col. 1, lines 44-50)

Ellison-Smeets discloses wherein using the other cryptographic key to authenticate 
or decrypt another set of computer instructions or data, (see Ellison col. 10, lines 6- 
8; col. 9, lines 64-65; col. 10, lines 16-19: decryption (i.e. key) utilized loading image) 
Ellison does not specifically disclose whereby to authenticate another set of 
computer instructions or data. 
However, Worley discloses: 

e) to authenticate another set of computer instructions or data, (see Worley
paragraph [0049], lines 1-7; paragraph [0129], lines 9-15; paragraph [0139], lines
27-33: authentication code (instructions or data))

It would have been obvious to one of ordinary skill in the art to modify Ellison-
Smeets to enable the capability to authenticate another set of computer instructions 
or data as taught by Worley. One of ordinary skill in the art would have been 
motivated to employ the teachings of Worley in order to enable operational control of 
secure resources without exposing privilege instructions and registers, (see Worley 
paragraph [0020], lines 16-21)

Conclusion

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Carlton V. Johnson whose telephone number is
571-270-1032. The examiner can normally be reached on Monday thru Friday, 8:00 -
5:00PM EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR.
Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Nasser G Moazzami/
Supervisory Patent Examiner, Art Unit 2436

Carlton V. Johnson
Examiner, Art Unit 2436

CVJ

October 1, 2008



